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DETAILED ACTION 

This communication is in response to applicants' amendment received on June 
07, 2004. Claims 1 , 5, 1 0, 1 5, 1 7, 1 9, 27 and 28 are amended, claims 29 and 30 are 
newly added and claim 1 1 is cancelled. 

It is acknowledged that the amendments of the claims and the addition of new 
claims do not introduce any new matter to the claimed invention. 

Applicants' arguments have been fully considered but they are not persuasive. 

The applicants' arguments are responded in the context of rejecting the claims as 
follows. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at the time the invention was made to 
a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 
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1. Claims 1-10 and 12-30 are rejected under 35 USC 103(a) as being unpatentable 
over Smith et a! (6,061 ,448) (hereinafter Smith) in view of Boebert et al (5,864,683) 
(hereinafter Boebert. 

Claims 1-3, 5, and 28 

Smith discloses a system for secure document delivery over an open network, 
such as Internet (col. 4, lines 26-61 ). The document Is sent from a sender to a recipient 
via a delivery sever. Smith also discloses that the document Is stored on the sender's 
computer (corresponding to the recited storing the package In escrow) until It is sent to 
the recipient (col. 4, lines 24-35). In the Smith system, upon the sender's direction the 
delivery server determines whether the recipient has a public key by querying a 
database (directory) (col. 4, lines 37-49 and col. 6, lines 11-15). In the event that the 
recipient does not have a public key (co. 5, lines 5-15) the server sends an e-mail 
message (a notification) to the recipient containing a dynamically generated URL. 
Recipient dynamically downloads (corresponding to the recited receiving an 
acknowledgement from the addressee) a Java Applet or Plug-In by accessing the URL. 
This Applet or Plug-in (corresponding to the recited keys generation module) then runs 
on the recipient system and generates a private/public key pair. The new public key is 
sent (col. 5, lines 15-29) to the delivery server. The delivery server may send the new 
public key to a certificate authority for storage (a public key directory) or may simply 
keep the public key in a local database. The delivery sever authenticates the public key 
(corresponding to the recited authentication of the addressee). After the authentication 
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of the public key (corresponding to the recited in response to subsequently verified 
authentication) the server transnnits the recipient's public key to the sender to be used 
for transnnission of document to the recipient. The sender uses the authenticated 
recipient's public key (col. 5, lines 30-52) to encrypt a secret key that has been used for 
encryption of the document to be delivered to the recipient. Afterward, the sender 
transmits the encrypted document, the recipient's address and the encrypted secret key 
to the delivery server to be delivered to the recipient. In one embodiment of the Smith 
system (col. 5, lines 60-65) the document encrypted by the secret key and the 
encrypted secret key are delivered to the recipient. In another embodiment, the server 
of the Smith system (col. 6, lines 3-10) may use the recipients public key to encrypt the 
document. The encrypted document is then transmitted to the recipient. 

Smith, however, does not expressly disclose that an escrow key is used to 
encrypt the document while stored in escrow on the sender's computer before delivering 
to the recipient. 

Boebert discloses a system of secure transfer of data from a sender to a 
recipient over a public network (abstract; Fig. 12). Boebert also discloses that data is 
securely stored (corresponding to the recited storing the package in escrow) by using a 
local cryptography (corresponding to the recited escrow encryption key) (col. 6, lines 6- 
8, col. 12, lines 39-42 and col. 28, line 47-coL 29, line 37), For delivering the data to a 
client, the client is authenticated (col. 7, lines 58-64), the stored data is first decrypted 
using the local cryptography and then encrypted using a negotiated cryptography 
(corresponding to the recited addressee's public key) (col. 31, lines 1-41). 
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It would have been obvious to a person of ordinary skill In the art at the time the 
invention was made to implement in the system of Smith the encryption of document 
using an encryption key for storing in escrow at the sender's end as taught in Boebert, 
because it would protect the stored data before delivering to the recipient (col. 5, lines 
8-12). 

Claims 4 and 7 

Claims 4 and 7 are rejected over Smith in view of Boebert as applied to the like 
elements of Claims 1 -3 above and further the following. 

Smith (col. 4, lines 50-56) provides a secret key corresponding to the recited 
escrow key, for encryption and decryption of a document (col. 3, lines 64-67) to be 
transferred to a recipient. Smith also teaches that any encryption scheme (symmetric or 
asymmetric) (col. 4, lines 57-67) known in the art can be utilized for the secure 
transmission of information between a sender and a recipient. 

Claims 

Claim 6 is rejected over Smith in view of Boebert as applied to like elements of 
Claims 1-3 above and the following. 

Smith (col. 5, lines 5-15) teaches that the delivery server notifies recipient via e- 
mail that there is no recipient's public key in the public key database. 
Claim 8 
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Claim 8 is rejected over Smith in view of Boebert as applied to like elements of 
Claims 1 -3 above and the following. 

Smith (col. 5, lines 5-15) teaches that the secret key corresponding to the recited 
escrow key is not the same as the public and private keys of the recipient. 

Claim 9 

Claim 9 is rejected over Smith in view of Boebert as applied to like elements of 
Claims 1-3 above and the following. 

Smith (col. 5, lines 17-25) teaches that the server authenticates the recipient 
using the recipient's e-mail address after receiving the public key of the recipient via e- 
mail that includes the recipient's name and e-mail address. 

Claims 10 and 15 

Smith discloses that the delivery server upon the sender's request, queries a 
database to retrieve the recipient's public key (col. 4, lines 39-41 ). The sender uses the 
retrieved public key to encrypt the document (col. 3, lines 14-19). Smith also discloses 
that a sender notifies a delivery server that the sender intends to send a document to a 
recipient (corresponding to the recited notifying the addressee) (col. 5, lines 53-59). The 
delivery sever, prior to the delivery of document, authenticates the recipient (col. 5, lines 
15-29). The encrypted document is then transmitted to the recipient via a network and 
only an intended recipient is permitted (an authenticated user) to gain access to the 
encrypted document (col. 3, lines 52-63). 
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However, Smith does not disclose expressly the storing of the encrypted 
document prior to the delivery of document to the recipient and authenticating the 
addressee based on a message sent by the addressee. 

Boebert discloses a system of secure transfer of data from a sender to a 
recipient over a public network (abstract; Fig. 12). Boebert also discloses that data is 
securely stored by using a local cryptography (col. 28, line 47-col. 29, line 37). Boebert 
further discloses that the recipient is authenticated before sending the encrypted 
document to the recipient by use of a public-key technique and digital signature 
(corresponding to the authentication of addressee based on a manipulated message 
sent by the addressee encrypted by the addressee's private key) (col. 4, lines 52-62). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to implement storage of an encrypted document and authentication 
of the recipient prior to the delivery of the document as taught in Boebert in the system 
of Smith, because it would provide for verification of the identity of the authorized 
recipient (col. 5, lines 10-12). 

Claims 12-14 

Smith discloses a system for secure document delivery over an open network, 
such as Internet (col. 4, lines 26-61). The document is sent from a sender to a recipient 
via a delivery sever. Smith also discloses that the document is stored on the sender's 
computer (corresponding to the recited storing the package in escrow) until it is sent to 
the recipient (col. 4, lines 24-35). In the Smith system, upon the sender's direction the 
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delivery server determines whether the recipient has a public key by querying a 
database (directory) (col. 4, lines 37-49 and col. 6, lines 11-15). In the event that the 
recipient does not have a public key (co. 5, lines 5-15) the server sends an e-mail 
message (a notification) to the recipient containing a dynamically generated URL. 
Recipient dynamically downloads (corresponding to the recited receiving an 
acknowledgement from the addressee) a Java Applet or Plug-in by accessing the URL. 
This Applet or Plug-in (corresponding to the recited keys generation module) then runs 
on the recipient system and generates a private/public key pair. The new public key is 
sent (col. 5, lines 15-29) to the delivery server. The delivery server may send the new 
public key to a certificate authority for storage (a public key directory) or may simply 
keep the public key in a local database. The delivery sever authenticates the public key 
(corresponding to the recited authentication of the addressee). After the authentication 
of the public key (corresponding to the recited in response to subsequently verified 
authentication) the server transmits the recipient's public key to the sender to be used 
for transmission of document to the recipient. The sender uses the authenticated 
recipient's public key (col. 5, lines 30-52) to encrypt a secret key that has been used for 
encryption of the document to be delivered to the recipient. Afterward, the sender 
transmits the encrypted document, the recipient's address and the encrypted secret key 
to the delivery server to be delivered to the recipient. In one embodiment of the Smith 
system (col. 5, lines 60-65) the document encrypted by the secret key and the 
encrypted secret key are delivered to the recipient. In another embodiment, the server 
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of the Smith system (col. 6, lines 3-10) may use the recipient's public key to encrypt the 
document. The encrypted document is then transmitted to the recipient. 

Smith, however, does not expressly disclose storing the document encrypted by 
an escrow key and delivering the document to the recipient after decrypting the 
document using the escrow key and re-encrypting the document using the recipient 
public key. 

Boebert discloses a system of secure transfer of data from a sender to a 
recipient over a public network (abstract; Fig. 12). Boebert also discloses that data is 
securely stored (corresponding to the recited storing the package in escrow) by using a 
local cryptography (corresponding to the recited escrow encryption key) (col. 6, lines 6- 
8, col. 12, lines 39-42 and col. 28, line 47-col. 29, line 37). For delivering the data to a 
client, the client is authenticated (col. 7, lines 58-64), the stored data is first decrypted 
using the local cryptography and then encrypted using a negotiated cryptography 
(corresponding to the recited addressee's public key) (col. 31, lines 1-41). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to implement in the system of Smith the encryption of document 
using an encryption key for storing in escrow at the sender's end, and decrypting the 
document by the encryption key and re-encrypting the document using another key 
such as the recipient public key prior to the delivery of the document to the recipient as 
taught in Boebert, because it would protect the stored data before delivering to the 
recipient (col. 5, lines 8-12). 
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Claims 4 and 7 

Claims 4 and 7 are rejected over Smith in view of Boebert as applied to the like 
elements of Claims 1-3 above and further the following. 

Smith (col. 4, lines 50-56) provides a secret key corresponding to the recited 
escrow key, for encryption and decryption of a document (col. 3, lines 64-67) to be 
transferred to a recipient. Smith also teaches that any encryption scheme (symmetric or 
asymmetric) (col. 4, lines 57-67) known in the art can be utilized for the secure 
transmission of information between a sender and a recipient. 



Claim 16 

This claim is rejected over Smith in view of Boebert as applied to like elements of 
claims 1-3 above and the following. 

Smith discloses (col. 3, lines 14-18) that the document is encrypted using the 
recipient public key. The encrypted document is then transmitted to the recipient and 
decrypted using the new private key associated with the public key. 

Claims 17 and 23 

Smith discloses the use of: 

An appropriate means such as Internet Lightweight Directory Access Protocol 
(LDAP) corresponding to the recited directory interface, to access a database in 
determining whether the recipient has a public key (col. 6, lines 50-65); 
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A computer code (corresponding to the recited notification module) that is used 
by the delivery server (col. 5, lines 5-1 1 and col. 8, lines 1-7) to send messages to the 
recipients via a network; 

A computer module such as an applet or plug-in (corresponding to the recited a 
key generation module) to generate public and private keys for the recipient in response 
to the notification from the delivery server (col. 5, lines 10-15); and 

A mechanism used by the delivery server (corresponding to the recited a 
transmission module) to deliver an encrypted document to a recipient (col. 5, lines 44- 
46 and col. 5, lines 63-67). 

Smith, however, does not expressly disclose an escrow manager to provide an 
escrow encryption key, an encryption module to encrypt a document using the escrow 
key, a medium to store the encrypted document in escrow and authenticating the 
recipient by successful decryption of a message sent by the recipient using the public 
key of the addressee. 

Boebert discloses a system of secure transfer of data from a sender to a 
recipient over a public network (abstract; Fig. 12). Boebert also discloses a local 
cryptography function (corresponding to the recited encryption module) either as a 
separate module or combined with a client protocol module that provides local 
cryptography such as encrypting data for securely storing locally (within internal 
network) (col. 6, lines 6-10, col. 8, lines 24-42 and col. 12, lines 11-17). Boebert further 
discloses authentication of the recipient before sending the encrypted document to the 
recipient by use of a public-key technique (corresponding to the recited in response to 
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successful decryption of a message sent by addressee) (col. 4, lines 52-62 and col. 7, 
lines 58-64). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to implement modules for encrypting and storing a document 
locally and authenticating the recipient prior to the delivery of the document as taught in 
Boebert in the system of Smith, because it would provide for protection of data and 
verification of the identity of the authorized recipient (col. 5, lines 8-12). 

Claim 18 

This claim is rejected over Smith in view of Boebert as applied to like elements of 
claim 17 above and the following. 

Smith discloses the storing of the recipient's public key (col. 5, lines 25-29 and 
col. 6, lines 50-67) in a database that either is residing on the delivery server or on a 
separate server. 
Claim 19 

This claim is rejected over Smith in view of Boebert as applied to like elements of 
claim 17 above and the following. 

Smith discloses that the software module (applet or plug-in), after generating the 
public and private keys (col. 5, lines 16-29), transmits the recipient public key to the 
delivery server to be stored in a database for future use. 
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Claim 20 

This claim is rejected over Smith in view of Boebert as applied to like elements of 
claim 17 above and the following. 

Smith discloses that the delivery sever (col. 5, lines 5-11) uses a software to 
notify the recipient by e-mail message that there is no public key for the recipient in the 
database. 

Claim 21 

This claim is rejected over Smith in view of Boebert as applied to like elements of 
claim 17 above and the following. 

Smith discloses that the secret key corresponding to the recited escrow key is 
provided to the users (col. 1, lines 33-55 and col. 7, lines 52-62) via a secure channel to 
be used as encryption and decryption key by the users. 

Claim 22 

This claim is rejected over Smith in view of Boebert as applied to like elements of 
claims 4 and 17 above. 

Claims 24 and 25 

These claims are rejected over Smith in view of Boebert as applied to like 
elements of claim 1 7 and 23 above and the following. 
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Smith discloses (col. 5, lines 5-15) that the Java Applet or Plug-in (corresponding 
to the recited registration module) that generates the recipient's public and private keys 
is transmitted to the recipient by the delivery server in an e-mail message (attachment). 
The recipient receives the said module by accessing a URL link (hyperlink). 

Claim 26 

This claim is rejected over Smith in view of Boebert as applied to like elements of 
claim 17 and 23 above and the following. 

Smith discloses (col. 7, lines 31-60 and col. 8, lines 1-10) that the delivery server 
is configured to forward to the recipient the secret key corresponding to the recited 
escrow key and the encrypted document. The Receive Client (a software) of the 
recipient receives the document and the secret key and uses the secret key to decrypt 
the document. 

Claim 27 

This claim is rejected over Smith in view of Boebert as applied to like elements of 
claim 17 and 23 above and the following. 

Smith discloses (col. 7, lines 26-30) that the Send Client (a software) of the 
sender transmits to the delivery server the encrypted secret key corresponding to the 
recited escrow key and the encrypted document. The delivery server may decrypt the 
document using the secret key and alternatively re-encrypt the document (col. 6, lines 
3-5) by using the recipient's public key. The encrypted document is then sent to the 
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recipient. The Receive Client within the recipient receives the encrypted document (col. 
7, lines 35-40) and uses the recipient private key to. decrypt the document. 

Claim 29 

Boebert discloses a system of secure transfer of data from a sender to a 
recipient over a public network (Fig. 12) that authenticates the recipient of the data by 
using a form of public-key algorithm using the private key of the recipient to encrypt a 
value and decrypt the value using the recipient public key (col.4, lines 53-67). 

Claim 30 

Boebert discloses that a notary or a local authority (corresponding to the recited 
certificate authority) digitally sign the public key of a private key holder i.e., issuing a 
certificate having some information about the holder, which corresponds to the recited 
making the public key available to the sender (col. 4, lines 40-52; col. 9, lines 12-28). 
Boebert also discloses that the recipient is authenticated based on decryption of a 
message using the public key of the recipient (col.4, lines 53-67). 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

US Patent No. 6,651,166 B1 to Smith et al. 



Application/Control Number: 09/332,358 



Page 16 



Art Unit: 2132 

US Patent No. 6,161,181 B1 to Haynesetal. 
US Patent No. 6,446,207 B1 to Vanstone et al. 
US Patent No. 6,397,261 B1 to Eldridge et al. 

Any inquiry concerning tliis communication or earlier communications from the 
examiner should be directed to Abdulhakim Nobahar whose telephone number is 703- 
305-8074. The examiner can normally be reached on M-F 8-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gllberto Barron can be reached on 703-305-1830. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status Information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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Examiner 

Art Unit 2132 
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